{"report_id":"8320bbbe-4ce4-4dfc-985e-d77732c3e419","version":6,"status":"done","tags":[],"date":"2026-04-06T12:52:25Z","url":{"schema":"http","addr":"avanzaringenieriaysalud.com/wp-content/d0cs/Windows/utility.php","fqdn":"avanzaringenieriaysalud.com","domain":"avanzaringenieriaysalud.com","tld":"com"},"ip":{"addr":"162.241.60.30","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"avanzaringenieriaysalud.com/wp-content/d0cs/Windows/utility.php","fqdn":"avanzaringenieriaysalud.com","domain":"avanzaringenieriaysalud.com","tld":"com"},"title":"e-sign","dom":{"size":302759,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (65389)","md5":"9d8c66f674d9fa243e62b4511e96eff5","sha1":"4997c68a779ec75fa0a07b8bb029e91ae8091f25","sha256":"6a17ff95f449ffecc95e7b4e7a55d3d6d93f1fb915ba4584d1183379e6a15c7f","sha512":"1841e29655ee7894dfbc49dbe0ea528a3b6b9bd8bbe5227d44cb9d6b9853338d35ed082c87a3f5819150e17077f5bb9aee2a74b93732391ca748b26c8c70d076","ssdeep":"6144:6Edo2Cp6Edo2Cp9UNuO+L6qFnxw7Ap27rpZioq:6Edo2Cp6Edo2Cp9UNuODqFnqkp27rpZS","tlshash":"4854123157813dbb583cca8c71d13e842ed8decfc6b8524535f5a0e282ee752adb1259","dom_hash":"domhasha54d4d55d051a5234c8cada3651a2beb","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"avanzaringenieriaysalud.com/wp-content/d0cs/Windows/utility.php","fqdn":"avanzaringenieriaysalud.com","domain":"avanzaringenieriaysalud.com","tld":"com"},"ip":{"addr":"162.241.60.30","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-11T12:52:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"avanzaringenieriaysalud.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"avanzaringenieriaysalud.com","ip":{"addr":"162.241.60.30","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"domain_registered":"2020-07-21","domain_rank":0,"first_seen":"2026-01-31T21:22:54.735362Z","last_seen":"2026-01-31T21:22:54.735362Z","alert_count":2,"request_count":2,"received_data":10375306,"sent_data":1070,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"cbbe1d09062adae9c5ac2072916835d8","sha1":"239b4affabc624fb1ff7b50b6badb3b9b0bdea2e","sha256":"a4ebf483a1c57306949abc7828d084c038134f8df5c285b804d37b06141d4177","sha512":"0c665c32b50fe00dabccbfdc240fabd5e05b2bbf6bbf67e1d1b4d0c93d860b15ca309aee8f1eb9840c903913b6f77492d131a05b6d86a3327e2a8cdff0653b77","magic":"Composite Document File V2 Document, Can't read SAT","size":10072064,"url":{"schema":"https","addr":"avanzaringenieriaysalud.com/wp-content/d0cs/Windows/download/index.php","fqdn":"avanzaringenieriaysalud.com","domain":"avanzaringenieriaysalud.com","tld":"com"},"ip":{"addr":"162.241.60.30","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"avanzaringenieriaysalud.com/wp-content/d0cs/Windows/utility.php","fqdn":"avanzaringenieriaysalud.com","domain":"avanzaringenieriaysalud.com","tld":"com"},"ip":{"addr":"162.241.60.30","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"8f442e1962e6c86adabaad2c0d55c2f7","sha1":"f5d7a63f276ffc5cc9da2758160e594eba149690","sha256":"f5d5656b51b4ef88d1c737ea38eb46e504a4061f49931a9053408e426d40418f","sha512":"4e6af65199135771a0bf43892b6fd1d4b736a58f9af709ec4e22a136114a3a81d3314a1d8d83c6f11e9ca03807631a286cd3f4b8458e565f7d5a3067e2142a8e","ssdeep":"","tlshash":"4cd0220e38e166042c656812152e39ca703b3573200c880c7c8e5ea81f0a34e401fed3","size":229,"data":"","first_seen":"2026-01-31T21:22:59.963937Z","last_seen":"2026-04-08T14:15:54.158651Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"avanzaringenieriaysalud.com/wp-content/d0cs/Windows/utility.php","fqdn":"avanzaringenieriaysalud.com","domain":"avanzaringenieriaysalud.com","tld":"com"},"ip":{"addr":"162.241.60.30","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-06T12:51:59.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.avanzaringenieriaysalud.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 10:13:59 GMT","end":"Thu, 21 May 2026 10:13:58 GMT"},"fingerprint":{"sha1":"E1:BB:36:3B:7F:20:07:DD:A2:4B:2E:AB:C6:91:0E:F9:EC:D4:15:56","sha256":"51:94:6E:17:B7:36:BF:6C:03:C8:E1:57:AD:78:74:C7:C6:B2:70:8C:58:2C:8C:BA:C0:AF:49:56:5B:CC:A0:91"}}},"request":{"raw":"GET /wp-content/d0cs/Windows/utility.php HTTP/1.1\r\nHost: avanzaringenieriaysalud.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Mon, 06 Apr 2026 12:52:00 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":302727,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (65396), with CRLF line terminators","md5":"a4fad45bae1a2d71b2b81847cd09f90e","sha1":"c8907b421c7cb2666c1b1830b8375d8efa0b269c","sha256":"e9e6a6a564cf56c00a63b49feba06b479fa7538672afb503c6c3041677c4ba39","sha512":"cedfe21719372d4bb330035029aa0fdfe776650ddd33a7e10c32e7fc2b89f4069043147f915de9a3e9e6c3ad321a4e641ce278523ce91b3019aaae45d6cec56d","ssdeep":"6144:1Edo2Cp6Edo2Cp9lNuO+L6qFnxw7A+27rpZiow:1Edo2Cp6Edo2Cp9lNuODqFnqk+27rpZI","tlshash":"9654123157813dbb583cca8c72d13e842e98decfc6b8924535f5a0e382ee751adb1259","first_seen":"2026-01-31T21:22:59.958676Z","last_seen":"2026-04-08T14:15:54.150332Z","times_seen":5,"resource_available":true,"data":null}},"time_used":2588,"timings":{"blocked":659,"dns":258,"connect":197,"send":0,"wait":1270,"receive":0,"ssl":202},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"avanzaringenieriaysalud.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"avanzaringenieriaysalud.com/wp-content/d0cs/Windows/download/index.php","fqdn":"avanzaringenieriaysalud.com","domain":"avanzaringenieriaysalud.com","tld":"com"},"ip":{"addr":"162.241.60.30","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-06T12:52:05.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.avanzaringenieriaysalud.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 10:13:59 GMT","end":"Thu, 21 May 2026 10:13:58 GMT"},"fingerprint":{"sha1":"E1:BB:36:3B:7F:20:07:DD:A2:4B:2E:AB:C6:91:0E:F9:EC:D4:15:56","sha256":"51:94:6E:17:B7:36:BF:6C:03:C8:E1:57:AD:78:74:C7:C6:B2:70:8C:58:2C:8C:BA:C0:AF:49:56:5B:CC:A0:91"}}},"request":{"raw":"GET /wp-content/d0cs/Windows/download/index.php HTTP/1.1\r\nHost: avanzaringenieriaysalud.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-description: File Transfer\r\ncontent-disposition: attachment; filename=\"Docusign.Client.msi\"\r\npragma: public\r\ncache-control: must-revalidate\r\nexpires: 0\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: application/octet-stream\r\ndate: Mon, 06 Apr 2026 12:52:05 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":10072064,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Composite Document File V2 Document, Can't read SAT","md5":"cbbe1d09062adae9c5ac2072916835d8","sha1":"239b4affabc624fb1ff7b50b6badb3b9b0bdea2e","sha256":"a4ebf483a1c57306949abc7828d084c038134f8df5c285b804d37b06141d4177","sha512":"0c665c32b50fe00dabccbfdc240fabd5e05b2bbf6bbf67e1d1b4d0c93d860b15ca309aee8f1eb9840c903913b6f77492d131a05b6d86a3327e2a8cdff0653b77","ssdeep":"24576:O40gbfOaC0Zob1kh6pYSP8liyfEKqvbAulg2IArb2DD6f:jDOahob3PMi+cv88T3J","tlshash":"752533f10889dbb7ea47ca3a8d541d8a26307cd4eb0966f75bf5760d01b0b60af603d6","first_seen":"2026-01-31T21:22:59.961639Z","last_seen":"2026-04-06T12:52:29.910776Z","times_seen":3,"resource_available":true,"data":null}},"time_used":261,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"avanzaringenieriaysalud.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}